starlingx/upstream
Code Issues Proposed changes

Merge "openstack-helm remove Ceph Jewel support"

Browse Source
This commit is contained in:
Zuul 2019-05-02 16:53:24 +00:00 committed by Gerrit Code Review
commit a1e49d6809
3 changed files with 1 additions and 179 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openstack/openstack-helm/centos/build_srpm.data
View File

@ -5,4 +5,4 @@ TAR="$TAR_NAME-$SHA.tar.gz"
COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/* "
TIS_PATCH_VER=15
TIS_PATCH_VER=16

2
openstack/openstack-helm/centos/openstack-helm.spec
View File

@ -28,7 +28,6 @@ Patch06: 0006-Nova-chart-Support-ephemeral-pool-creation.patch
Patch07: 0007-Horizon-Disable-apache2-status_module.patch
Patch08: 0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch
Patch09: 0009-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch
Patch10: 0010-Enable-Ceph-Jewel-support-for-nova-cinder-glance.patch
BuildRequires: helm
BuildRequires: openstack-helm-infra
@ -48,7 +47,6 @@ Openstack Helm charts
%patch07 -p1
%patch08 -p1
%patch09 -p1
%patch10 -p1
%build
# initialize helm and build the toolkit

176
openstack/openstack-helm/files/0010-Enable-Ceph-Jewel-support-for-nova-cinder-glance.patch
View File

@ -1,176 +0,0 @@
From c7ba07e6148f62b912e36a4efba5ae296ed64217 Mon Sep 17 00:00:00 2001
From: Robert Church <robert.church@windriver.com>
Date: Fri, 22 Mar 2019 03:45:02 -0400
Subject: [PATCH 10/10] Enable Ceph Jewel support for nova/cinder/glance
Current upstream charts align to Ceph Luminous/Mimic. Revert
functionality that is not present in Jewel.
Drop this after the Ceph rebase to Mimic is complete.
Change-Id: I44f9a69927ecdbe4f5bfef17183b2345814ce534
Signed-off-by: Robert Church <robert.church@windriver.com>
---
cinder/templates/bin/_backup-storage-init.sh.tpl | 14 ++++++--------
cinder/templates/bin/_storage-init.sh.tpl | 15 ++++++---------
glance/templates/bin/_storage-init.sh.tpl | 15 ++++++---------
nova/templates/bin/_ceph-keyring.sh.tpl | 22 +++++-----------------
nova/templates/bin/_nova-storage-init.sh.tpl | 22 ++++++++++------------
5 files changed, 33 insertions(+), 55 deletions(-)
diff --git a/cinder/templates/bin/_backup-storage-init.sh.tpl b/cinder/templates/bin/_backup-storage-init.sh.tpl
index 52c8e6bf..d81bcce2 100644
--- a/cinder/templates/bin/_backup-storage-init.sh.tpl
+++ b/cinder/templates/bin/_backup-storage-init.sh.tpl
@@ -47,16 +47,14 @@ elif [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then
ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "cinder-backup"
if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
- echo "Cephx user client.${RBD_POOL_USER} already exists"
- echo "Update its cephx caps"
- ceph auth caps client.${RBD_POOL_USER} \
- mon "profile rbd" \
- osd "profile rbd pool=${RBD_POOL_NAME}"
- ceph auth get client.${RBD_POOL_USER} -o ${KEYRING}
+ KEYSTR=$(echo $USERINFO | sed 's/.*\( key = .*\) caps mon.*/\1/')
+ echo $KEYSTR > ${KEYRING}
else
+ #NOTE(Portdirect): Determine proper privs to assign keyring
ceph auth get-or-create client.${RBD_POOL_USER} \
- mon "profile rbd" \
- osd "profile rbd pool=${RBD_POOL_NAME}" \
+ mon "allow *" \
+ osd "allow *" \
+ mgr "allow *" \
-o ${KEYRING}
fi
diff --git a/cinder/templates/bin/_storage-init.sh.tpl b/cinder/templates/bin/_storage-init.sh.tpl
index 9288ec5f..62aedf78 100644
--- a/cinder/templates/bin/_storage-init.sh.tpl
+++ b/cinder/templates/bin/_storage-init.sh.tpl
@@ -44,17 +44,14 @@ if [ "x$STORAGE_BACKEND" == "xcinder.volume.drivers.rbd.RBDDriver" ]; then
ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "cinder-volume"
if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
- echo "Cephx user client.${RBD_POOL_USER} already exist."
- echo "Update its cephx caps"
- ceph auth caps client.${RBD_POOL_USER} \
- mon "profile rbd" \
- osd "profile rbd"
- ceph auth get client.${RBD_POOL_USER} -o ${KEYRING}
+ KEYSTR=$(echo $USERINFO | sed 's/.*\( key = .*\) caps mon.*/\1/')
+ echo $KEYSTR > ${KEYRING}
else
- #NOTE(JCL): Restrict Cinder permissions to what is needed. MON Read only and RBD access to Cinder pool only.
+ #NOTE(Portdirect): Determine proper privs to assign keyring
ceph auth get-or-create client.${RBD_POOL_USER} \
- mon "profile rbd" \
- osd "profile rbd" \
+ mon "allow *" \
+ osd "allow *" \
+ mgr "allow *" \
-o ${KEYRING}
fi
diff --git a/glance/templates/bin/_storage-init.sh.tpl b/glance/templates/bin/_storage-init.sh.tpl
index 5a9572fa..feec7588 100644
--- a/glance/templates/bin/_storage-init.sh.tpl
+++ b/glance/templates/bin/_storage-init.sh.tpl
@@ -53,17 +53,14 @@ elif [ "x$STORAGE_BACKEND" == "xrbd" ]; then
ensure_pool "${RBD_POOL_NAME}" "${RBD_POOL_CHUNK_SIZE}" "glance-image"
if USERINFO=$(ceph auth get "client.${RBD_POOL_USER}"); then
- echo "Cephx user client.${RBD_POOL_USER} already exist."
- echo "Update its cephx caps"
- ceph auth caps client.${RBD_POOL_USER} \
- mon "profile rbd" \
- osd "profile rbd pool=${RBD_POOL_NAME}"
- ceph auth get client.${RBD_POOL_USER} -o ${KEYRING}
+ KEYSTR=$(echo "${USERINFO}" | sed 's/.*\( key = .*\) caps mon.*/\1/')
+ echo "${KEYSTR}" > "${KEYRING}"
else
- #NOTE(JCL): Restrict Glance user to only what is needed. MON Read only and RBD access to the Glance Pool
+ #NOTE(Portdirect): Determine proper privs to assign keyring
ceph auth get-or-create "client.${RBD_POOL_USER}" \
- mon "profile rbd" \
- osd "profile rbd pool=${RBD_POOL_NAME}" \
+ mon "allow *" \
+ osd "allow *" \
+ mgr "allow *" \
-o "${KEYRING}"
fi
diff --git a/nova/templates/bin/_ceph-keyring.sh.tpl b/nova/templates/bin/_ceph-keyring.sh.tpl
index 4af83a48..68e37828 100644
--- a/nova/templates/bin/_ceph-keyring.sh.tpl
+++ b/nova/templates/bin/_ceph-keyring.sh.tpl
@@ -29,25 +29,13 @@ cat > ${KEYRING} <<EOF
EOF
{{- else }}
if ! [ "x${CEPH_CINDER_USER}" == "xadmin" ]; then
- #
- # If user is not client.admin, check if it already exists. If not create
- # the user. If the cephx user does not exist make sure the caps are set
- # according to best practices
- #
- if USERINFO=$(ceph auth get client.${CEPH_CINDER_USER}); then
- echo "Cephx user client.${CEPH_CINDER_USER} already exist"
- echo "Update user client.${CEPH_CINDER_USER} caps"
- ceph auth caps client.${CEPH_CINDER_USER} \
- mon "profile rbd" \
- osd "profile rbd"
- ceph auth get client.${CEPH_CINDER_USER} -o ${KEYRING}
- else
- echo "Creating Cephx user client.${CEPH_CINDER_USER}"
+ #NOTE(Portdirect): Determine proper privs to assign keyring
ceph auth get-or-create client.${CEPH_CINDER_USER} \
- mon "profile rbd" \
- osd "profile rbd" \
+ mon "allow *" \
+ osd "allow *" \
+ mgr "allow *" \
-o ${KEYRING}
- fi
+
rm -f /etc/ceph/ceph.client.admin.keyring
fi
{{- end }}
diff --git a/nova/templates/bin/_nova-storage-init.sh.tpl b/nova/templates/bin/_nova-storage-init.sh.tpl
index f79fcff0..d11b8bc1 100644
--- a/nova/templates/bin/_nova-storage-init.sh.tpl
+++ b/nova/templates/bin/_nova-storage-init.sh.tpl
@@ -43,20 +43,18 @@ if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
}
ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "nova-ephemeral"
+ # TODO: Rework this part for the nova/glance/cinder charts to preserve this
+ # on the next chart rebase to latest if the ceph mimic rebase isn't complete.
if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
- echo "Cephx user client.${RBD_POOL_USER} already exist."
- echo "Update its cephx caps"
- ceph auth caps client.${RBD_POOL_USER} \
- mon "profile rbd" \
- osd "profile rbd"
- ceph auth get client.${RBD_POOL_USER} -o ${KEYRING}
+ KEYSTR=$(echo $USERINFO | sed 's/.*\( key = .*\) caps mon.*/\1/')
+ echo $KEYSTR > ${KEYRING}
else
- # NOTE: Restrict Nova permissions to what is needed.
- # MON Read only and RBD access to the Nova ephemeral pool only.
- ceph auth get-or-create client.${RBD_POOL_USER} \
- mon "profile rbd" \
- osd "profile rbd" \
- -o ${KEYRING}
+ #NOTE(Portdirect): Determine proper privs to assign keyring
+ ceph auth get-or-create client.${RBD_POOL_USER} \
+ mon "allow *" \
+ osd "allow *" \
+ mgr "allow *" \
+ -o ${KEYRING}
fi
ENCODED_KEYRING=$(sed -n 's/^[[:blank:]]*key[[:blank:]]\+=[[:blank:]]\(.*\)/\1/p' ${KEYRING} | base64 -w0)
--
2.16.5